Board Risks and How to Mitigate Them
The board of directors play a critical role in a company. They represent the company and have a fiduciary duty to its shareholders and assets. While they do not participate in the day-to-day activities and decisions of a business, they do oversee strategic planning and company operations, set overall policy, exercise an oversight role, and review the actions taken by the company’s officers and executives. This puts the board of directors in the unique position of being accountable at the top-most level for a company’s success, but also at a distance that can impact what is happening at ground level. This can cause a set of unique risks to the board, and by extension to the company and employees at all levels. A number of headlines over the last few years, showcase the damage that can happen when a board, and by extension the entire company, is left unprotected.
Not aware of the potential dangers to the board, and hence the company at large, many businesses fail to have the proper safeguards in place to mitigate potential hazards. Risks include damage to finances, reputation, employee morale, incurring government oversight and fines, and even complete collapse. Fortunately, once aware of these risks and what measures to put in place, companies can easily establish proper protective measures.
Learning from Others
Elizabeth Holmes, founder and CEO of Theranos, a medical technology startup, had promised to revolutionize blood testing with the ability of her company’s product to test blood with only a few drops. This device would make testing easy, quick, and convenient, and would one day be available in people’s own homes. It was even claimed that this blood testing equipment would be able to identify 200 health conditions. The problem was, it didn’t work. In February 2022, Elizabeth Holmes was convicted of four of eleven charges of fraud brought by Department of Justice (DOJ), and her company, once valued at over $9 billion, dissolved in 2018.
The boards of directors of Walgreens, Safeway, and even Theranos’ own board all fell prey to the allure of Elizabeth Holmes and her imaginary technology. Some board members had years of experience and numerous accolades, so how could things have gone so wrong, and what could have been done to protect these boards and their corporate wards.
Fortune called the Theranos’ board “the most illustrious board in U.S. corporate history.” It included big names, such as James Mattis, a retired US Marine Corp general, former Secretary of State Henry Kissinger, William Perry the former US secretary of defense, former US Senator Sam Nunn, retired US Navy Admiral Gary Roughead, former US secretary of defense William Perry, Richard Kovacevich the former CEO of Wells Fargo, former director of the Centers for Disease Control and Prevention William H. Foege, heart and lung transplant surgeon and former US Senator William Frist, and the chairman of the board for the Bechtel Group Inc. Riley P. Bechtel.
All seem to have been taken in by the sincerity and confidence of the oddly charismatic Holmes and her promise to save lives. When interviewed about what he thought about Holmes, Mattis replied “integrity” and “competence” – “both technical and scientific but also focused on human rights in the most classical sense of what human rights are about.” The promise of a righteous cause can often lead people down the wrong path without vetting either the cause or the source.
Boards need to ask tough questions and press the issue if the forthcoming answers are evasive or tenuous. One board member, Avie Tevanian, lifelong friend of Steve Jobs and former Apple chief software technology officer did just that. In return, he was asked to leave the board under specious litigation threats. Holmes brooked no opposition and wielded the threat of lawsuits against anyone she deemed a threat.
In March 2008, two employees approached the board chair. They had evidence that Holmes deceived the board about the efficacy of both Theranos’ blood testing technology and its projected revenue. The board decided to replace Holmes as CEO, but when they went to give her the news, she changed their minds. Homes, less than two weeks later, fired both employees who had spoken up. No one on the board looked into the firings, if they were even aware of them.
Directors are fiduciaries and are responsible for the oversight of a company’s compliance function, ensuring the activities of the business comply with the applicable industry, legal, and regulatory frameworks. The United States Sentencing Commission (USSC) sets out the requirements for an effective compliance program in the Federal Sentencing Guidelines. §8B2.1 of the guidelines reads:
“The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.”
Clearly, the board had little to no oversight program in place, which is something that is particularly prevalent in startup environments and emerging businesses. No-one conducted any due diligence on the principals of the company even when investing millions of dollars at early stages. For Theranos, there was no monitoring system in place for compliance with medical and laboratory regulations. Holmes consistently flouted regulatory issues and directly lied about the efficacy of her product. Her blood tests were unable to run the analysis she touted them as being able to, going so far as to hack commercial blood analyzers to clandestinely run tests on them instead of her own product.
If the sudden firing of the whistleblowing employees was not a red flag, the departure of CFO Henry Mosley in 2006 should have come under more scrutiny. Mosley was fired by Holmes when he questioned the “reliability and integrity” of the Theranos’ blood testing systems and equipment.
There were numerous other egregious actions by Elizabeth Holmes that the board appeared to be unaware of. One example took place in 2015, when Centers for Medicare and Medicaid Services (“CMS”) conducted a surprise lab inspection. They found unqualified lab staff, mishandled blood samples, and expired testing reagents. CMS also required that the company void up to a million tests results ran on the Theranos equipment and in 2016 banned them from running a blood testing laboratory. The board was unaware of this as well.
Safeguarding the Board
The Theranos’ Board wanted to do good. Unfortunately, goodwill and a powerful cause is not enough. In this case, the board needed protection even from itself. Why is protecting the board important and what can be learned from Theranos and similar cases?
Protecting the board is important, because the board plays a critical role in a company and can be a tremendous amount to a company, its employees, and shareholders.
What Can be Learned
- The board sets the tone for integrity and ethics. These can be tangibly measured and an oversight system needs to be established and continuously assessed. There should be a system at board-level to monitor and oversee compliance commensurate with the company’s regulatory and legal requirements.
- There should be a vigorous and secure internal risk management, anti-corruption, compliance, and due diligence program. In addition to legal and financial due diligence, an expert investigative firm with global risk and high-level experience can help a company vet the executive team and senior positions such as laboratory director. A history of questionable behaviors should always be evaluated.
- Regular reports, with substantive information, should be required by the board on risk assessment, complaints, investigations, corrective actions, and compliance efforts.
- A culture of transparency should be established and the ability of employees to report problems without fear of retribution to an external, third-party firm that answers directly to the board should be implemented.
- There should also be a culture of accountability: everyone in the organization should be expected to act ethically with consequences for doing otherwise. Any code of conduct should be clearly outlined and the requirements for ethical conduct need to be clearly defined.
- It can be an asset if someone on the board is an expert in the business sector of the company or if the board has regular consultation with a risk management expert. In Theranos’ case, this could have been a medical or scientific advisory board which would work alongside the company’s leaders and internal teams. If a subject-matter expert is consulted or on the board, it is important that they have no conflicts of interest and are neither bound by an NDA from a similar corporation nor sitting on a competitor’s board.
- Routine deep due diligence background checks on board members and executives should be implemented. These should be run by an expert external investigative firm that can complete comprehensive deep due diligence investigations. This is one way to make sure that, as previously mentioned, a board member, or other executive, does not have competing interests and are who they say they are. This should also be done during M&A proceedings, when forming business partnerships with supply chain vendors, and not bypassed when hiring internal recommendations, friends, or relations.
A Board of Directors plays a critical role in any corporation and safeguards should be established to guarantee that they steer the best course for the company. Theranos provides a substantive lesson in how many things can go wrong in a company. The lives, finances, investments, and jobs of many people were negatively impacted by the unethical acts perpetrated by Elizbeth Holmes and Ramesh “Sunny” Balwani. The board was taken in by Holmes, as were many others outside of Theranos.
This does not mean, however, that other companies are free from malfeasance or are safe from bad actors. Just because board members or some executives and employees have integrity, does not mean all do, and without establishing an ethos of integrity and accountability with proper safeguards and measures in place, a company has no way of protecting or mitigating risk. This starts from the top down.
Protecting the board, is establishing measures to safeguard the whole company from investors and shareholders to employees to clients and partnerships. Fortunately, setting up the proper oversight, due diligence, compliance, risk management, accountability, and culture of integrity can safeguard their success and indeed the future of the corporation.